Neelie Kroes: A European Strategy for Internet Security

It’s a pleasure to address you all today. I know we all feel the importance and urgency of tackling internet security threats.

For one thing, there are serious costs to inaction. Already, some say that cyber crime accounts for more than the global drugs trade. The 2011 cyber attack cost Sony nearly $175 million, almost as much as they lost from the same year’s earthquake and tsunami.

For another, serious risks are out there. The recent World Economic Forum asked the question: what are the chances, over the next decade, of a major breakdown of Critical Information Infrastructure? A disaster which could cost of hundreds of billions of euros? They decided: 10%. One in ten.

And for another, these threats affect everyone. They could damage not just government or critical infrastructure, but also threaten consumer trust in global e-commerce, worth trillions of euros each year.

The threats come from around the world and readily cross borders.

But so far, our societies have not taken the necessary measures to address these risks. Internet Security cannot be confined to the national devices of national security, as if cyberspace were just another domain of combat action.

Computers and networks are the very fabric of our everyday lives. Attacks on the security and proper functioning of our networks can come from a variety of sources, be it for political motives, for gain, for vandalism, for protest, for adventure.

We need a comprehensive response that covers it all.

This is why we need a new vision to address the specificities of security in cyberspace. This is why I prefer to call it a European Strategy for Internet Security.

We need everyone—governments, businesses and individuals—to work together and share the responsibility of making Internet safe and secure.

Our strategy – I say ‘our’ because I work closely with Cécilia Malmström and Cathy Ashton – due in the third quarter of this year, will enable a step-change in how we ensure Internet security. It will be embedded in our principles for Internet governance. There will be five main strands.

First, we need capabilities and response networks. Member States will be asked to guarantee minimum capabilities. To respond adequately to threats, we’ll need to share critical information in a secure and confidential manner: within and between public and private sectors. CERTs and other competent bodies need to exchange regularly and rapidly, to warn and assist. Those relations should be based on a trusted network and on a common reference framework within the Single Market. Here to read more.